Idea: No cookies for visitors

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Post Reply
hanno
Regular
Posts: 72
Joined: Fri May 20, 2005 8:04 am
Contact:

Idea: No cookies for visitors

Post by hanno » Fri Nov 09, 2007 7:12 pm

For privacy reasons, I don't like it when websites set cookies when I just want to read them.

Serendipity does that, although it's just a session id.

My suggestion would be that s9y only opens a php-session if the user does something that requires a session (login, whatever plugin-features need sessions), but that simple viewing of the blog doesn't cause a session to be opened.

Toughts?

chickens
Regular
Posts: 192
Joined: Wed Dec 06, 2006 12:15 am
Location: Vegas
Contact:

Post by chickens » Fri Nov 09, 2007 10:49 pm

Serendipity is a framework for plugins. By initiating a session no matter what it allows for plugins to utilize it if needed. By removing the session cookie it could possibly break plugins. I have no idea if this would actually happen, but it is a very high probability.

That being said, I think it would be a decent idea to remove the sessions from a performance side. In my experience sessions can slow down servers with a ton of traffic.

From a security standpoint I do not see the reason to want to remove the cookie. The only thing that cookie really says is that you've been to the site. Other than that the cookie is harmless.

User avatar
garvinhicking
Core Developer
Posts: 30020
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking » Sun Nov 11, 2007 2:44 pm

Hi!

Plus, cookies are requred for people to send comments and for the anti-spam measurements.

As chickens pointed out, s9y always has to draw a line between offering functionality and adaptionality. In this case, sessions are just too important for providing functionality to make them optional.

I don't see an easy way to check, when a session is required and when not. The problem is often sesions are simply utilized by plugins, themes or the core. I see much more other parts on s9y where work should be invested, so these cookie issues are really an ultra-low priority for myself. If anyone else wants to dive into it, have a go :)

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/

Post Reply